“This is another example for the Internet of Things being a Botnet of Things, with another malware that distributes like wildfire in the Internet, even if the number of infected devices is less than the claimed 100,000. What most disturbs me here is the fact that this trend is likely to stay with us for at least a couple of years. Existing botnets remain active until the devices are patched or retired, which in IoT devices can take years. Moreover, new connected devices are still being released to the field without adequate protection, providing easy prey for the next IoT worm.

The power of this number of bot soldiers can be used in many various ways. Are we expected to see from this botnet intensive DDoS attacks on victim web servers like Mirai, distributed brute force attempts on login pages, or scanning web sites for SQL injection vulnerabilities? With botnets becoming a commodity, and the botnet-for-hire market flourishing, my guess is that we will see some of all of the above.”